The federal government has failed to establish national priorities for critical infrastructure protection.

The federal reorganization since 9/11 has raised the difficulty and transaction costs for the private sector to work with the federal government.

Information sharing between government and the private sector remains stunted.

Overall investment in private sector security initiatives has been modest.

Private sector protective efforts have been more effective in sectors that face regular threats of criminal attack and in sectors that already must comply with established security regulations.

The federal government has failed to provide meaningful incentives or standards for securing critical sectors that pose the highest risk and where voluntary efforts have proven to be insufficient.

The private sector has not been effectively integrated into response and recovery planning for major disasters, though some promising public-private initiatives have been piloted.

The federal government has not adequately developed alternatives to shutting down entire economic sectors in the aftermath of a terrorist attack, nor has it done sufficient planning for reopening these sectors.

Insurance adoption has been promising, but it requires continued government engagement in the insurance market to be sustained.

And it offers the following recommendations about how to improve this situation:

Either DHS or a group of outside experts needs to quickly complete, as required by law, a national list of priorities for critical infrastructure that can serve as a strategic road map for spending and protective actions. At the same time, Washington should not allow completion of this list to delay immediate efforts to improve security where well-known and widely acknowledged security gaps exist.

Washington must move beyond talking about the need to dramatically improve information sharing with the private sector and hold government officials accountable for actually doing it.

DHS must strengthen the quality and experience of its personnel. One way to do this would be to establish a personnel exchange program with the private sector.

Congress and the administration should work closely with industry to establish security standards and implement and enforce regulations where necessary and, especially, where industry is seeking standards and regulation.

Congress should establish targeted tax incentives to promote investments in security and resiliency in the highest-risk industries.

Homeland security officials should substantially increase the number of exercises for responding to catastrophic events. Private sector assets and capabilities should be fully integrated into these exercises, with a view to achieving deeper private sector integration into national and regional emergency response plans.

Federal response plans should identify specialized supplies/capabilities that will be in short supply following certain types of terrorist incidents or high-consequence events, including vaccines, ventilators, electric transformers, laboratory capacity, and decontamination equipment. Washington should work with the private sector to ensure the availability of these supplies and capabilities.

Overall, this is a thoughtful and balanced report, and an important contribution to the policy debate on homeland security. DHS and the private sector should take its recommendations seriously, and Congress should consider moving forward on ones that require legislative action.

These are bright maybe even brilliant guys. So why is it that no one seems to know that DHS was specifically deprived on standard setting authority (see the recent DHS/OIG report) and the whole history of Post 9/11 has been a game of musical chairs on critical infrastructure and security. The best lobbyists win and no one watches out for the public interest. In a way federal policy is too blame. I would say that the feds have screwed up energy the worst so perhaps that is one area the feds should be most accountable for maintaining operability, interoperatbility, compatibility, restorability etc. The rest of the private market should realize that if they wait for the feds to do it they will be out of business after the next large scale incident/event because there is no one home at the federal level without special legislatin post incident/event and again the best lobbyists with the most cash will triumph. Look at the airlines, perhaps Tom Daschle’s lasting contribution to post-9/11 events was facilitating his wife’s lobbying for the Airline industry which won the most of the taxpayers money after years of resisting adquate security measures that would have prevented 9/11 from happening the way it did. After all we had air-marshalls in the 70′s and armored cockpits on some carriers since then also. Congress is out of cash and intellect so “Katie bar the door” except the horses are long gone from the barn. Amend the federal bankruptcy code to mandate security as a first priority for any company continuing to do business while in bankruptcy. This would certainly stimulate interest in the airlines.